1

since i havent found an answer to that on the net, im trying it here :

I was wondering how SNMP get his traffic data on a router ?

I am actually monitoring a router with 2 different way : - With snmp which seems to give me the exact number of octets going trought the router, - With a custom data flow collector ( a bit complicated think about it as netflow or sflow) who give me data only when a flow close (i guess its that right, if im wrong tell me).

So how snmp does that, did they got a poller on the port ? or do they just acess to something in the hardware ?

Alfieri Lorenzo
  • 15
  • 4

2 Answers2

1

SNMP is just a protocol, which in particular defines a data model to represent the agent status and configuration; there is no particular technology behinf the curitain. Often routers have an internal infrastructure that collects data and send to manager

Carmine Ingaldi
  • 856
  • 9
  • 23
  • So is it normal to get some difference between the two result ? For incoming traffic its pretty similar in terme of size, but for outgoing traffic i got massive difference, like 10 time more with snmp than flow – Alfieri Lorenzo Jul 13 '16 at 13:37
  • SNMP is just a protocol accessing what is specified in a MIB. Stored data have to be programmed and acessed in a language of your choice. – Ola Jul 14 '16 at 14:43
  • Sure it's not an SNMP business. Maybe it's a firmware problem or maybe there is some other factor to consider – Carmine Ingaldi Jul 15 '16 at 07:55
0

The underlying operating system keeps the counters for incoming octets and so on. The SNMP agent on the device usually reads the counters directly and returns the values to you via standard messages.

However, not familiar with the flow approach so cannot answer the other half of your question.

Lex Li
  • 60,503
  • 9
  • 116
  • 147